About Me

Mitch Wheat has been working as a professional programmer since 1984, graduating with a honours degree in Mathematics from Warwick University, UK in 1986. He moved to Perth in 1995, having worked in software houses in London and Rotterdam. He has worked in the areas of mining, electronics, research, defence, financial, GIS, telecommunications, engineering, and information management.
Mitch has worked mainly with Microsoft technologies (since Windows version 3.0) but has also used UNIX. He holds the following Microsoft certifications: MCPD (Web and Windows) using C# and SQL Server MCITP (Admin and Developer). His preferred development environment is C#, .Net Framework and SQL Server. Mitch has worked as an independent consultant for the last 10 years, and is currently involved with helping teams improve their Software Development Life Cycle. His areas of special interest lie in performance tuning

Wednesday, November 29, 2006

SQL Server More Secure Than Oracle

Between December 2000 and November 2006, external researchers discovered 233 vulnerabilities in Oracle's products compared with 59 in Microsoft's SQL Server technology, according to NGSS, which has worked for Microsoft in the past to make its software products more secure.

...

The NGSS report comes at a time when security researchers, irked by whatthey consider to be Oracle's glacial pace of fixing bugs, are increasingly turning their attention to its products.

Sunday, November 26, 2006

New Features in C# 3.0 (part 2)

Implicitly Typed Local Variables

Implicit typing of local variables is a language feature that allows the type of a variable to be inferred at compile time from the type of the variable’s initialization expression. LINQ query expressions can return types, created dynamically by the compiler, containing data resulting from queries.

Implicitly typed variables should not be confused with untyped variables in scripting languages such as VBscript, or variants in VB6, where a variable can hold values of different types over the course of its lifetime. Once the compiler infers an implicit variable’s type from the expression used to initialize it, it’s type is then fixed just as if the variable had been explicitly declared with that type. Assigning a value of a different type will result in a compile time error.

var x; // Error: type is not known.

var x = { 1, 2, 3 }; // Error: type is not known.

var n = 8; // n implicitly typed as int

n = "This will not compile";

Extending Types with Extension MethodsExtension methods enable developers to extend the functionality of existing types by defining new methods that are invoked using the usual instance method syntax. Extension methods (defined as static) are declared by specifying the modifier keyword this on the first parameter of the method. Extension methods can be added to any type, including the generic types such as List and Dictionary, as shown in this slightly contrived example:

Here, the delegate determines whether the input integer is an odd number. C# 3.0 takes this further and introduces lambda expressions, a functional programming syntax for writing anonymous methods.

A lambda expression is written as a parameter list, followed by =>, followed by an expression. The parameters of a lambda expression can be explicitly or implicitly typed. In an explicitly typed parameter list, the type of each parameter is explicitly stated:

(int x) => x + 1

In an implicitly typed parameter list, the types of the parameters are inferred from the context in which the lambda expression is used. In addition, if a lambda expression has a single, implicitly typed parameter, the parentheses may be omitted from the parameter list:

Saturday, November 25, 2006

Microsoft Best Practices Analyser

As usual, Scott Hanselman beat me to it (!) with his recent blog post Microsoft Best Practices Analyzer Tools where he gives a round-up of the offerings from Microsoft and muses whether we will be seeing a combined tool soon, which seems likely given this codeplex project called the Microsoft Best Practice Analyzer (BPA). It comes with a plugin for ASP.NET 2.0, and as Scott notes you might be surprised if you run it on one of your projects. Not only will it find potential problems but also suggest accurate solutions. His post also gives links to the various best practices tools currently available.

Monday, November 20, 2006

Lousy Random Number Generators

Over at Jeff Atwood’s blog, Coding Horror, I noticed a nice round-up of random number generation. I tried to post a quick comment but it kept being rejected so I’ve blogged it here instead.

Anyone interested in a small but 'highly' random generator that suffers from few points of failure should check out the mersenne twister pseudo-random number generator algorithm. This work is fairly recent (1998). I believe it has been implemented in the .NET framework?

The problem that plagues most generators occurs when you require a huge set of random numbers for large simulations (such as Monte Carlo simulations, for instance).

A word of advice: never, never attempt to roll your own generator or ‘improve’ an existing one. The results will be at best less than random, and at worst dangerous! It’s in the same sin category as using Bubble Sort. A most heinous crime!

Saturday, November 18, 2006

Raku Ceramics and Zoomorphic forms

Until recently, when I moved house, I had a Raku kiln in my back yard (well, actually more of a neglected savannah). Raku originated in Japan in the late 16th Century, but has become adopted and popularised in the West. One of the exciting glaze techniques in Raku is reduction, where hot (as in 900+ C) fired oxide glazed ceramics are removed straight from the kiln and placed into a reducing environment (i.e. little or no oxygen) such as paper or sawdust, often in a sealed metal bin.

It can sometimes be a little disappointing, when after a couple of hours of cooling, you extract an all black pot, but sometimes the effects are marvelous, in all the hues you can imagine. The other source of excitement is being engulfed in flames from head to toe (we do wear appropriate safety equipment, such as casting gloves, splash screen masks and organo-metal filtered breathing masks. Also, always wear all cotton clothes, never anything made from synthetic materials).

I promised Joanna I would post a link to her (almost finished) site (that web site designer is so slack!), so here it is: Joanna Wakefield Ceramics.

New Features in C# 3.0

The C# 3.0 language enhancements are part of the LINQ project, whose aim is to make working with data as easy as working with objects. This will be a major evolutionary step forward in Microsoft’s development landscape (John Lam’s recent addition to the Microsoft stable could also be seen as a push in this direction). LINQ provides a single, general purpose declarative query functionality that can be applied to in-memory and persisted data. These new language features are:

Implicitly typed local variables whose type can to be inferred from the expressions used to initialize them.

Object and collection initializers combine creation and initialization into a single step, allowing values to be specified for fields or properties for newly created objects.

Anonymous types, which are tuple types automatically inferred and created from object initializers.

Query expressions provide a language-integrated syntax for queries similar to relational and hierarchical query languages such as SQL and XQuery. This provides compile time checking of queried types, rather than at runtime. A definite productivity boost.

A great way to find out about the enhancements in C# 3.0, is to download the LINQ preview and to work through the short tutorials, which showcase all of the additions listed above. NOTE: I suggest you run up a VPC image, as LINQ does not yet have a Go Live license available. You can download BLINQ here.

I’ll explore some examples of these new language features in a couple of subsequent posts.

Sunday, November 12, 2006

Book Review: Professional Visual Studio 2005

This book is aimed at developers who are new to Visual Studio, and those with some exposure to it. It attempts to cover a large number of topics and features, and it does that admirably. It contains 56 chapters, spanning approximately 870 pages. This means that the coverage will not be quite as in-depth as other books on similar topics. For instance, compare with Apress’s PRO ASP.NET 2.0 which is longer by almost 400 pages and just 34 chapters. The source code for the examples in the book can be downloaded online.

It’s rather extensive breadth means that some of the chapters are a bit short; for instance Chapter 28 on Assembly Signing is just 3 pages long. In one or two places, I would have preferred slightly less breadth and a little more depth. Some of the chapters should have either been condensed into other sections or removed completely.

There is one omission in Chapter 4. This chapter provides a good introduction to the various kinds of projects available, but does not cover the ‘new’ Web Application Projects. This was due to the timing of the book’s completion and publication. Web Application projects are a freely downloadable add-in and will be included in Visual Studio 2005 Service Pack 1 in the very near future. They have been around for some time, and are in use around 50/50 compared with Web Site projects. They are essential for enterprise development of web sites. Another restriction of Web Site projects is that you can not use them with TSFS, as they do not have a permanent solution file.

There are a couple of places where screenshots might be confusing, such as Figure 51-3 on pg 728, because the correct line (aspnet_wp.exe) is not highlighted. There are also several sections with perhaps too many screenshots, such as pages 30-33.

The sort of coverage I would have liked to see expanded upon would have been best practices using the IDE and some worked examples. Since this book is aimed at newcomers, I think it could have contained more process based advice rather than just explaining what features are available. Even experienced developers moving from other environments would benefit greatly from advice showing ‘best practice’ ways of organising projects and solutions.

In conclusion: If you are new to Visual Studio 2005 and want to whet your appetite with a book that covers a great number of the available features, this book is worth reading. If you are already an experienced developer, you may pick up one or two gems, but the majority of the material will probably be familiar to you. I do not think this is a book you will read cover to cover, but rather dip into as and when you come across a certain feature and want to explore it a little further.

Disclaimer: I know one of the authors, Nick Randolph, personally (Nick has been the main organiser of the Perth .Net UG until his recent journey to New Zealand). I borrowed a copy of the book from the User Group library, as Nick had kindly donated a copy. Use of the library is free to User Group members, which is just one reason to join and participate.

One thing I noticed was the book states (pg xxxix) that the minimum requirement to use the book is VS 2005 PRO but I did find just one feature that requires VSTS. I’ll leave finding it as an exercise for the reader!

Thursday, November 09, 2006

Annoying Download Behaviour

Sometimes the seemingly simplest problems set you seething. Today I wasted at least 30 minutes trying to discover the reason why, when I clicked on a web page file download link, it would automatically download the file and open it without giving me the option to save it.If you've worked in any kind of support role, you will have heard this many times: I hadn't changed anything! At least knowingly. At first I blamed IE (the universal scape goat!).

A few days ago downloads went off with a bang everytime, today the touch paper was fizzling and going out! I'm sure I didn't change anything... It's times like these, you realise how frustrating technology must be to someone who is not computer literate.

I could have fired up FileMon to find where it was temporarily storing the file, but this seemed the wrong answer. The answer in the end was very simple, but I still have no idea why it had changed...):

Open Windows Explorer

On the Tools menu, click Options

On the File Types tab, select the appropriate file type in the Registered File Types list

Click the Advanced button and ensure the "Confirm open after download" checkbox is ticked

Wednesday, November 08, 2006

How Not to Implement a Data Layer

If you are creating a new application with a clean slate, please don’t do what a developer I had first hand experience with did. This is the sort of material I would expect to find on the daily WTF!

Warning! Coding Horror follows. Don’t do this!

1) Ridicule code generation saying it won’t work, and that no one is using it anywhere. Reject the fact that several industry luminaries with great architectural experience have designed excellent code generated frameworks. Don’t generate anything. Do it all by cut and paste. Write your stored procedures by hand, despite the fact that 90% of them have a similar structure.2) Design and implement your own less than optimal scheme for a data access layer and business logic layer, despite the fact that a quick internet search and a few hours reading would quickly show you the gaps in your knowledge. When I say less than optimal, what exactly do I mean? How about using reflection between your data access and business logic layer! Oh and while you’re at it, for good measure create your own non industry standard nomenclature, just to make it more confusing.3) Ignore advice on inheriting from BindingList instead of List; plus completely ignore the fact that you probably will want to implement an event driven model for your object classes.4) Create Load methods that can take different types of keys (think table primary key and rowids in Oracle). Pass one type of identifier to some methods, and the alternative to others.5) When challenged to justify your design decisions say you did it that way in C++!6) I could continue, but I think you get the idea…

You should definitely consider one of the many good tools already available for generating DALs and BLL stubs. Several are free, such as CSLA by Rockford Lhotka (buy the book, it’s a sound investment), MyGen, NetTiers 2.0 (although you will probably need to buy CodeSmith). Others require you to part with money such as the (IMO, poorly named) LLBLGEN Pro which has a stack of ORM features, and Wilson OR Mapper to name but a few.

I’ve spoken to one or two people recently who were amazed that someone with 10+ years of experience could do something like this, which is the reason I decided to post. It all comes back to Ego. The better programmers are usually the ones with the smallest egos. OK, I feel better having got that off my chest!

SQL Refactor

Saw this via David Haydn's blog: Red-Gate's SQL Refactor. I know a few companies that could use one or two licenses of this management studio add-in! David's post shows a quick clean-up of a stored procedure.

On Certifications, Learning and the ACS

Rob Farley’s series of blog posts (How they know you know , What’s wrong with IT?, On Learning) raise some excellent questions on how we could provide accurate and representative certifications in software development. Does the software development industry need a regulatory body? This is something the ACS has tried and so far failed to do, though I suspect they are doing this from a political motivation rather from a position of industry consensus.

Do certifications matter? It depends!

Do certifications prove you can do a specific job? It depends!

Would certifications with logged hours prove you can do a specific job? Definitely!

Rob provides an analogy with the health industry but I think this is more like gaining your pilot’s license. You have to log a certain number of flying hours i.e. actual ‘on the job’ experience, recorded and logged and audited. Trainee surgeons perform minor surgery under the watchful eye of their mentors, and as their experience increases they perform increasingly complex and lengthy procedures. Trainee pilots fly dual control planes with their mentor in order to log sufficient flying hours (a friend with a pilot’s license assures me that PC flight simulators really do help you learn to fly!). So perhaps this is what the software industry is lacking. No one wants you flying a plane solo or whipping out an appendix if you don’t know what you are doing! But is the topic too broad and changing too quickly? Should we just favour people you have the ability to learn quickly, are enthusiastic and have the ability to get the job done?

Can you regulate and accreditise the software development Industry? Is the ACS the body to do it? I personally think that the single most important factor in making the IT industry, and particularly the software development side of it, almost impossible to regulate is its breadth and rate of change. By the time anyone writes a comprehensive accreditation (including books, exams and the information filters through to university courses etc) it has often been revised, sometimes dramatically so.

The very malleable and black box nature of software renders it unsuitable for the same metrics or ergonomics we apply to other more tangible things. Take for instance, designing an entirely new interface to a process: with no ‘yard’ stick other than experience, it is hard to define a ‘good’ (or even ‘good enough’) interface. [This is where the Zen like “Be your own client” is useful]. It is not something that is easily taught; rather it needs to be experienced. Rather like the important role of making mistakes and learning by them. There are schools of thought that believe making mistakes are a fundamental part of the learning process.

I think a positive way forward is for a company such as Microsoft to bring out developer certifications in 'a new' sandbox format that truly measure 'ingrained' skills as oppose to 'swotted' facts. Microsoft has already made moves in this direction. A software certification that is guaranteed to prove you can do a range of things would be much more like law or accountancy exams. Exams which are heavily multiple choice orientated are always going to spawn so called brain dumps, which can be rote learned. Now there is nothing essentially wrong with rote learning; after all that’s how we all learn to speak! The problem is that the number of questions can never be large enough to be a representative test, unless you were asking hundreds, if not thousands of questions, which of course is impractical.

A number of the leading practioneers in our industry are self taught programmers. OK, I have no hard statistics, but I do know at least half of the high profile names in our industry are self taught programmers, and that’s not to say they don’t have a university education in Computer Science or some other subject. It’s just that they taught themselves before attending a degree course.

Consider the fact that most managers have no relevant qualification or certification to show they can perform their role well (and let’s face it, many can’t). This is no different from a programmer. Do we expect managers to have certifications in management? Hmmm, maybe we should…

I think Mitch Denny and Rob Farley made some excellent observations but I think they may have missed something when they talk about the digital native. The biggest problem digital natives face is not that they dislike learning or being taught, it’s that they do not like being held back in the rate of learning; education is set up to run at a pace slightly above (and one would hope above not below) the ‘class average’ and that syllabuses, teaching methods and rate, reflect this. If you are passionately interested in any topic, learning it will not seem like a chore and the rate of learning and retention is much higher.

The ACS has tried to be more relevant but does not seem to be succeeding (I won’t mention the pin-up calendar affair, nor that they are conspicuously silent in the blogosphere!). Maybe new, recruits like Rob can have a significant impact and I truly hope so; but deep down I’m a cynic and I believe they won’t make a substantial difference in the near term. Many people who have become involved with the ACS have commented on its heavy bureaucracy, and like politics, many people get involved eager to change things but slowly get absorbed by the existing command structure.

I’m not adverse to the ACS or other societies such as the ACM and IEEE (I have been a member of both), nor am I adverse to the ACS attempting to be a catalyst for change in the industry (hell, I might even join for a year!), I just don’t think they are going about it in the right way.I felt encouraged reading Rob’s account of the ACS’s mentoring scheme, which sounds like a great idea and probably worth the membership fee alone, if the program is any good; it’s only downside appears to be that it is effectively a ‘closed-shop’, so it’s not possible to say whether or not it’s particularly relevant. I believe the best thing the ACS could do to show that it is the right body for the software development industry, is to make it’s mentoring program more open and maybe even open it to non-members with the view that if it is good then people will join in order to have continued involvement in the mentoring program.

Personally, I’d love to have a mentor! I was about to say it’s probably too late for me but then I remembered this:

It is never too late to be what you might have been. - George Eliot

“Change favours the rich, the insider, the passionate and the downright lucky!” That’s enough raving from me…

UPDATE: Rob Farley let me know that the ACS mentoring scheme only applies to people in the Professional Development course run by the ACS. It doesn't apply automatically to all members.

The idea is that it enables you to incrementally enhance your VB6 applications utilising functionality in the .NET framework. Might be a good solution for someone supporting an existing VB6 application.

I used to be an end brace man…

Don’t worry, I’m not about to burst into song (that would be unpleasant)!

Over the past two decades, I have shed most of my personal biases towards coding style. Where once I would have argued vehemently for a particular syntax just because I currently used it, I am now always happy to be shown a better or more logical way. I still believe that any coding convention should be backed by the reason it makes the code more readable, rather than just personal preference. When there is no benefit in one style over another, then personnal preference obviously comes into play.

But the one thing I can’t shed is the placement of curly braces in the C style languages (C/C++/C#). Now I’m not trying to ignite a holy war here.

For the first 3 or 4 years I programmed in C and C++, I positioned the curly braces like this:

if () {

…

}

But over time and exposure to many other languages (and many other programmers’ styles) I felt that it was unbalanced so I switched my style to

if ()

{

…

}

where I remain. To me, the semantics suggest Begin … End, so the second style seems more natural. This seems to be the default standard for the Visual Studio IDE. I had taken heart in the fact that the majority of the code I’ve seen coming out of Microsoft generation tools has followed this style, but to my horror I recently spotted generated code that follows “1st brace at the end of line”! After a bit of nosing around it seems it’s roughly 60/40. Even the .NET Framework Design Guidelines use the first style, despite the fact that Lance Hunt’s and other popular and freely downloadable coding guidelines specify the second.

One thing I don’t understand is why developers who adhere to the second style don’t write their methods the same way? i.e.

publicint MyMethod(int x, int y) {

return h = x + y;

}

So all the C# coders who read this blog, please leave a comment indicating your preferred brace style. I’m curious, so don’t be shy!